Compilation results for enc-4.cloudinfra.eqiad1.wikimedia.cloud: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	1118
Resources added:	12
Resources removed:	4
Resources modified:	16
Change percentage:	2.86%

Resources only in the new catalog

File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]
Ferm::Service[dhcp6_response]
Nftables::Service[metricsinfra-prometheus-all-udp]
Firewall::Service[metricsinfra-prometheus-all-tcp]
File[/etc/ferm/conf.d/10_dhcp6_response]
File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]
Firewall::Service[metricsinfra-prometheus-all-udp]
Nftables::Service[dhcp6-response]
Firewall::Service[dhcp6-response]
Ferm::Service[metricsinfra_prometheus_all_tcp]
Nftables::Service[metricsinfra-prometheus-all-tcp]
Ferm::Service[metricsinfra_prometheus_all_udp]

Resources only in the old catalog

File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]
File[/etc/ferm/conf.d/10_dhcp6-response]
Ferm::Rule[metricsinfra-prometheus-all]
Ferm::Service[dhcp6-response]

Resources modified

Ferm::Rule[metricsinfra-prometheus-all]

Parameters differences:

--- Ferm::Rule[metricsinfra-prometheus-all].orig
+++ Ferm::Rule[metricsinfra-prometheus-all]

-    rule   => saddr @resolve((metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud)) ACCEPT;
-    ensure => present
-    chain  => INPUT
-    desc   => 
-    table  => filter
-    prio   => 10
-    domain => (ip ip6)

Firewall::Service[dhcp6-response]

Parameters differences:

--- Firewall::Service[dhcp6-response].orig
+++ Firewall::Service[dhcp6-response]

+    proto               => udp
+    srange              => ['fe80::/10']
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port                => 546
+    desc                => 
+    drange              => ['fe80::/10']

File[/etc/ferm/conf.d/10_dhcp6_response]

Parameters differences:

--- File[/etc/ferm/conf.d/10_dhcp6_response].orig
+++ File[/etc/ferm/conf.d/10_dhcp6_response]

+    require => File[/etc/ferm/conf.d]
+    group   => root
+    ensure  => present
+    notify  => Service[ferm]
+    owner   => root
+    tag     => ferm
+    mode    => 0400

Content differences:

--- /etc/ferm/conf.d/10_dhcp6_response.orig
+++ /etc/ferm/conf.d/10_dhcp6_response
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&RD_SERVICE(udp, 546, (fe80::/10), (fe80::/10));
+
+

Nftables::Service[metricsinfra-prometheus-all-udp]

Parameters differences:

--- Nftables::Service[metricsinfra-prometheus-all-udp].orig
+++ Nftables::Service[metricsinfra-prometheus-all-udp]

+    src_ips             => ['172.16.0.229', '172.16.6.65']
+    proto               => udp
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port_range          => [1, 65535]
+    desc                =>

Ferm::Service[dhcp6-response]

Parameters differences:

--- Ferm::Service[dhcp6-response].orig
+++ Ferm::Service[dhcp6-response]

-    proto               => udp
-    srange              => fe80::/10
-    unrestricted_access => False
-    ensure              => present
-    prio                => 10
-    notrack             => False
-    port                => 546
-    desc                => 
-    drange              => fe80::/10

Ferm::Service[metricsinfra_prometheus_all_tcp]

Parameters differences:

--- Ferm::Service[metricsinfra_prometheus_all_tcp].orig
+++ Ferm::Service[metricsinfra_prometheus_all_tcp]

+    proto               => tcp
+    srange              => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port_range          => [1, 65535]
+    desc                =>

Firewall::Service[metricsinfra-prometheus-all-udp]

Parameters differences:

--- Firewall::Service[metricsinfra-prometheus-all-udp].orig
+++ Firewall::Service[metricsinfra-prometheus-all-udp]

+    proto               => udp
+    srange              => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port_range          => [1, 65535]
+    desc                =>

File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]

Parameters differences:

--- File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp].orig
+++ File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]

+    require => File[/etc/ferm/conf.d]
+    group   => root
+    ensure  => present
+    notify  => Service[ferm]
+    owner   => root
+    tag     => ferm
+    mode    => 0400

Content differences:

--- /etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp.orig
+++ /etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(tcp, 1:65535, (172.16.0.229 172.16.6.65));
+
+

Ferm::Service[dhcp6_response]

Parameters differences:

--- Ferm::Service[dhcp6_response].orig
+++ Ferm::Service[dhcp6_response]

+    proto               => udp
+    srange              => ['fe80::/10']
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port                => 546
+    desc                => 
+    drange              => ['fe80::/10']

Ferm::Service[metricsinfra_prometheus_all_udp]

Parameters differences:

--- Ferm::Service[metricsinfra_prometheus_all_udp].orig
+++ Ferm::Service[metricsinfra_prometheus_all_udp]

+    proto               => udp
+    srange              => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port_range          => [1, 65535]
+    desc                =>

Nftables::Service[metricsinfra-prometheus-all-tcp]

Parameters differences:

--- Nftables::Service[metricsinfra-prometheus-all-tcp].orig
+++ Nftables::Service[metricsinfra-prometheus-all-tcp]

+    src_ips             => ['172.16.0.229', '172.16.6.65']
+    proto               => tcp
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port_range          => [1, 65535]
+    desc                =>

Firewall::Service[metricsinfra-prometheus-all-tcp]

Parameters differences:

--- Firewall::Service[metricsinfra-prometheus-all-tcp].orig
+++ Firewall::Service[metricsinfra-prometheus-all-tcp]

+    proto               => tcp
+    srange              => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port_range          => [1, 65535]
+    desc                =>

File[/etc/ferm/conf.d/10_dhcp6-response]

Parameters differences:

--- File[/etc/ferm/conf.d/10_dhcp6-response].orig
+++ File[/etc/ferm/conf.d/10_dhcp6-response]

-    require => File[/etc/ferm/conf.d]
-    group   => root
-    ensure  => present
-    notify  => Service[ferm]
-    owner   => root
-    tag     => ferm
-    mode    => 0400

Content differences:

--- /etc/ferm/conf.d/10_dhcp6-response.orig
+++ /etc/ferm/conf.d/10_dhcp6-response
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&RD_SERVICE(udp, 546, fe80::/10, fe80::/10);
-
-

Nftables::Service[dhcp6-response]

Parameters differences:

--- Nftables::Service[dhcp6-response].orig
+++ Nftables::Service[dhcp6-response]

+    src_ips             => ['fe80::/10']
+    proto               => udp
+    unrestricted_access => False
+    ensure              => present
+    prio                => 10
+    notrack             => False
+    port                => 546
+    dst_ips             => ['fe80::/10']
+    desc                =>

File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]

Parameters differences:

--- File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp].orig
+++ File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]

+    require => File[/etc/ferm/conf.d]
+    group   => root
+    ensure  => present
+    notify  => Service[ferm]
+    owner   => root
+    tag     => ferm
+    mode    => 0400

Content differences:

--- /etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp.orig
+++ /etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(udp, 1:65535, (172.16.0.229 172.16.6.65));
+
+

File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]

Parameters differences:

--- File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all].orig
+++ File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]

-    require => File[/etc/ferm/conf.d]
-    group   => root
-    ensure  => present
-    notify  => Service[ferm]
-    owner   => root
-    tag     => ferm
-    mode    => 0400

Content differences:

--- /etc/ferm/conf.d/10_metricsinfra-prometheus-all.orig
+++ /etc/ferm/conf.d/10_metricsinfra-prometheus-all
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 10_metricsinfra-prometheus-all: 
-
-domain (ip ip6) {
-	table filter {
-		chain INPUT {
-			saddr @resolve((metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud)) ACCEPT;
-		}
-	}
-}

Compilation results for enc-4.cloudinfra.eqiad1.wikimedia.cloud: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources only in the old catalog

Resources modified

Relevant files